On February 2, 2018, the Federal Reserve Board issued an unprecedented enforcement action against Wells Fargo & Company, prohibiting its asset growth until improvements in board oversight and firmwide risk management systems are implemented. And while not mandated by the consent order, the Federal Reserve also announced that four Wells board members would be replaced by the end of the year. Finally, the Federal Reserve also publicly issued letters of reprimand to Wells’s former CEO and Chair and former Independent Lead Director for failing to satisfy the Federal Reserve’s supervisory expectations; a third public letter was issued to Wells’s current board criticizing its past performance.

While this enforcement action was taken on the last day of Janet Yellen’s tenure as Chair of the Federal Reserve, it is notable that then-Governor and now-Chair Jerome Powell voted in support of the action and, according to news reports, was the top official overseeing negotiations with Wells.[1] This provides some indication that the rigorous expectations—and, indeed, frustrations—signaled by the Federal Reserve’s actions are likely to continue in the foreseeable future. As then-Governor Powell stated last summer: “Across a range of responsibilities, we simply expect much more of boards of directors than ever before. There is no reason to expect that to change.”[2]

Below, we discuss the Federal Reserve’s enforcement action and letters of reprimand and outline some of the significant implications for board members.

The Enforcement Action

The Federal Reserve’s consent order, which was signed by each current Wells board member, states that Wells pursued a business strategy that “emphasized sales and growth without ensuring that senior management had established and maintained an adequate risk management framework commensurate with the size and complexity of the Firm.”

The order imposes various requirements, including:

  • Wells must submit written plans to 1) enhance Board effectiveness in carrying out its oversight and governance duties, and 2) improve Wells’s firmwide compliance and operational risk management program. The plans must contain certain prescribed elements and be approved by the Federal Reserve Bank of San Francisco (the “Reserve Bank”). Among other requirements, the plans must include actions to further improve Board oversight of senior management, “including holding senior management accountable for implementing and maintaining the Firm’s strategy in accordance with Board direction and the Firm’s risk tolerance and capacity, and the Firm’s risk management and control framework.” The plans must also require Board actions to ensure that senior management maintains “an effective and independent firmwide risk management function” that “covers all material risks facing the Firm” and has the “requisite stature, authority, and resources.”
  • Following Wells’s adoption and implementation of the plans, Wells must conduct an independent review of the improvements required by the consent order no later than September 30, 2018.
  • Following the “integration” of these improvements into its “business-as-usual practices and operations,” Wells must conduct a second independent review. These reviews must be conducted by third-party expert(s) acceptable to the Reserve Bank.
  • Wells may not take any action that would cause its total consolidated assets (using a two-quarter average) to exceed December 31, 2017 levels. This restriction will not be lifted until the first review described above is completed to the satisfaction of the Reserve Bank and the Federal Reserve’s Director of the Division of Supervision and Regulation.

Signaling the possibility of further enforcement actions, Wells also agreed to fully cooperate with the Federal Reserve in connection with the “investigations of whether separate enforcement actions should be taken against individuals who are or were institution-affiliated parties of the Firm and who were involved in the conduct underlying this Order.” This includes the use of “best efforts” to make available for interviews or testimony “present or former officers, directors, employees, agents, and consultants of the Firm.” [3]

The Federal Reserve’s press release describes the enforcement action as a response to “recent and widespread consumer abuses and other compliance breakdowns by Wells Fargo.”[4] The press release also announced that, concurrently with the Federal Reserve’s action, “Wells Fargo will replace three current board members by April and a fourth board member by the end of the year.”[5] Chair Yellen stated: “We cannot tolerate pervasive and persistent misconduct at any bank and the consumers harmed by Wells Fargo expect that robust and comprehensive reforms will be put in place to make certain that the abuses do not occur again.”

The Letters of Reprimand

One of the more striking actions taken by the Federal Reserve was its decision to release publicly letters it issued to the current Wells board and its former CEO and Chair and its former Lead Independent Director. These letters were signed by Michael S. Gibson, the Director of the Federal Reserve’s Division of Supervision and Regulation.

In a letter to Senator Elizabeth Warren concerning the Wells action, Chair Yellen described these letters as “letters of reprimand” in response to the former Chair and Lead Independent Director’s “failures to meet supervisory expectations, including failures to take decisive action in response to information concerning improper sales practices and other misconduct by Wells Fargo employees.”[6]

We outline below some of the expectations reflected in these letters:

Boards of Directors[7]

  • Should take steps to ensure that senior management establishes and maintains an effective risk management structure, which has sufficient stature, authority, and resources; is independent of business lines; and is commensurate with the firm’s size, complexity, and risk profile.
  • Should ensure effective reporting from senior management, including more detailed reports and concrete action plans and metrics regarding the effectiveness of management’s response to identified problems.
  • Should ensure that the performance management processes for employees, including compensation and other incentive programs, are consistent with sound risk management objectives and promote the firm’s compliance with laws and regulations.

Board Chair[8]

  • Should ensure that the business strategies approved by the board are consistent with the risk management capabilities of the firm, and that the board has sufficient information to carry out its oversight responsibilities.
  • Should ensure, upon learning of problems, that that the board receives detailed and timely reporting from senior management and should initiate serious investigation or inquiry into the issues, or put a proposal to the board to do so.
  • Should hold executives accountable when compliance and conduct issues are identified. (The letter states: “You also continued to support the sales goals that were a major cause of the problem, and the senior executives who were most responsible for the failures, and . . . you resisted attempts by other directors to hold executives accountable even when the other directors had become aware of the seriousness of the compliance and conduct issues.”)

Lead Independent Director[9]

  • Should obtain sufficient information from firm management to understand and assess problems at the firm, including robust inquiry and demand for further information about serious compliance problems.
  • When apprised of compliance problems, should press firm management for more information and initiate a serious investigation or inquiry or put a proposal to the board to do so. (The letter notes that the former lead independent director’s lack of demand for additional information was not consistent with the duties of the lead director under Wells’s Corporate Governance Guidelines.)
  • As lead independent director, should provide an “alternative view” and “when necessary,” a “check” with respect to executive directors of the board and firm management.


Against the general deregulatory impulse of the Trump administration,[10] the Federal Reserve’s enforcement action and public letters of reprimand are a striking reminder of the persistently rising expectations on boards of directors. Going forward, compliance failures in a number of areas—including consumer protection, workplace harassment, market manipulation, and sanctions/anti-money laundering—may be increasingly scrutinized to evaluate the effectiveness of boards in ensuring an adequate control framework, monitoring red flags, probing senior management’s response, and taking decisive action when required.

In addition to the guidance provided by the Federal Reserve’s letters of reprimand, board members should recall the lessons learned from the investigation report on Wells’s sales practices problems. As we have described previously,[11] those lessons include:

  • The importance of a centralized corporate structure and centralized, independent control functions.
  • Board responsibility to inquire into red flags, obtain more detailed reporting, and insist on concrete actions plans and metrics for corrective action.
  • Bolstering ethics and compliance culture and addressing corrosive aspects of corporate culture.
  • Greater consideration of systematic causes when faced with evidence of employee misconduct.
  • Taking a broader approach to risk and consumer harm by considering potential reputational repercussions and impacts on consumer confidence and trust.

Associate Maxwell David Nacheman contributed to this Client Memorandum.